VMware’s Project Horizon: What It Is and How Will We Get It?

Manage the User Locally, but Extend Identity to the Cloud

Starting at last years VMWorld one of the hottest topics has been Project Horizon. What was initially billed as an Enterprise App store will be released in three phases.

Phase 1: Secure Identity and Manage SAAS Apps
– Federate AD to Cloud SAAS Apps
– Simplify End User Experience with SSO
– Provision Users to mainstream SAAS Apps

A complementary product to many of your Identity Access and Management suites, Horizon will use a virtual machine placed in your DMZ that is referred to as the Horizon Connector.

Connector acts as a broker between the enterprise and the SAAS services. Secure tokens are used for the communication into the Horizon Cloud. Connectors from the Cloud could begin with Google Apps, Salesforce, Success Factors, Workday, Zimbra, Mozy, and Box.Net. These are done with SAML (http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language) federation. SAML is an open standard that provides high security with no passwords, digitally signed tokens are passed for access. Access and reporting can be done from the Horizon Connector for auditing and license tracking.

Phase 2: Modernize your Windows Environment
– Virtualize your windows apps for isolation and portability
– Secure and Mange the desktop
– Orchestrate Windows App Delivery Options

This phase will bring applications into an app store, very similar to http://myonelogin.com/, with the addition of being able to add in ThinApp applications and Microsoft App-V packages. With a client to be released for desktops Horizon should be able to push icons for applications directly to the desktop after they are selected from the enterprise app store.

Phase 3: Control Your data and Collaboration
– Automatic Data Sync to trusted devices
– Encrypt data across different platforms
– Enable Simplified End User Collaboration

The last phase of this rollout will include being able to allow access to data and transfer/sync user data regardless of platform or applications, either within the enterprise or with SAAS products.

New Desktop Virtualization Certifications from VMware

VMware announced at Partner Exchange yesterday a new certification designed specifically around desktop virtualization. The VMware Certified Associate – Desktop or VCA4-DT is the first of these certifications and the test is being ran in beta at Partner Exchange. According to the education team this is the first of 3 new certifications. There will be a VCP-DT for desktop focused engineers as well as a VCAP-DT for the most advanced desktop focused virtualization architects.

There are no prerequisites for the VCA exam, however VMware recommends taking the VMware View Fundamentals and the View 4.5 Install, Configure and Manage classes. The current requirements for the VCP4-DT will include passing the VCA4-DT and attaining a VCP4 certification.

The test is still in beta, however there is a blueprint on the VMware website (http://bit.ly/erCNUD). The beta test is 110 questions with top is ranging from the CLI commands, to maximum capabilities. Before taking the test you will want to make sure you have worked on View often, including troubleshooting.

VMware Partner Exchange: New Products, Certifications and Competencies

VMware, like many other large corporations, announces new products at their large conferences. So far at Partner Exchange, I’ve seen VMware announce new competencies for its partners, new products to run the cloud, new certifications for technology professionals, and new email collaboration suites. The questions that come to mind are how all of these will impact the consumer, why it matters to the IT manager and how it will affect normal business user. In an effort to sum up the changes and the impacts, I will break each of these down along with why you should care.

Partner Competencies
New competencies include virtualization of business critical applications, cloud computing, security and management. The largest impact for consumers will be the cloud computing and tier one apps. Server virtualization has reached a point where most servers are being built virtually first, 2009 being the first year where more servers were virtual than physical. Competency in tier one applications (Exchange, SQL, and Oracle the major players) gives partners credentials to support essential applications. As an IT staff, the ability to call in a partner expert that knows how to do these large scale virtualization transitions is similar to calling in a plumber to fix a leak versus calling a handyman. The cloud competency certifies that the partner can help any company look strategically and determine how the cloud can be leveraged to help grow the enterprise.

Cloud Management Products
The vCloud Connector was announced yesterday and is a free plug-in for the traditional vCenter client that will allow a user to access the public clouds from within one console. When building out a development or testing environment, a user could leverage the low operating cost of public clouds versus more capital expenditures for underutilized equipment. Operations Manager is another product that was released that leverages public and private clouds and builds on the web based interfaces that VMware has built with the Service Director and View products.

The desktop certifications that I wrote about in earlier blog post touches on the need for IT staffs to know how to make a transition between the traditional desktop and the virtual desktops. The move into ‘bring your own computer and tablet’ driven business means that IT staff will need expertise around the products that allow the end user to use whatever device they want while still providing enterprise applications.

Zimbra Suite
The new collaboration suite released this week give enterprises flexibility to look at new desktop applications for email and calendars. The norm has been Outlook but at a substantial Microsoft licensing cost.

The combination of these products, certifications, and competencies and knowing which works when is going to be the key to move IT into the next level and allow enterprise IT shops to become strategic thought leaders.

Comment viewing options

PEX Track Session : VMware View

VMware View as a business catalyst. That was the overwhelming focus of the solution track boot camp at Partner Exchange today. I was very excited to hear the product team at VMware go into details about the total cost of ownership and return on investment that comes from a VMware View deployment. Imagine being able to take a physical server infrastructure that costs over $3 to manage for just a single dollar worth of hardware and being able to reduce that to just over $1.

The historical argument has been that it is impossible for the cost to be so much lower when you have to buy server and storage hardware instead of a desktop. Add in the Microsoft licensing and the View licensing and it has to be more expensive.

Not the case. Using some of the industry standard numbers you can get up to a 50% decrease in total cost of ownership. I will make sure to get all the details and get that out in another blog soon.

Cost savings is a great thing, but how is the user experience or the management experience? The ability to split the apps from the desktop and from the profiles allows management staff to customize the user experience for performance. This sounds great, but make sure you get an assessment done first. View is not the solution for every desktop and every application and an assessment can help you see exactly which desktops and which solutions will help you move into a virtual desktop infrastructure.

Once you have the results of your assessment there are a few things that may come in handy:

• Administrators have the ability to throttle PCoIP is now built into some of the View 4.5 adm files. The throttling can give minimum and maximums on bandwidth consumption.

• If you want to avoid the $100/year Microsoft VDA license, you can purchase a barebones PC with Windows licensing, no hard drive and maintain software assurance. This will drop your yearly cost in half since SA is normally about 30% of the cost of the OS purchase.

• USB load across PCoIP will show as more bandwidth than you probably imagine. This sounds like something that might not matter, except when your users want to sync their iTunes all at the same time.

More to come, stayed tuned throughout the week, tomorrow should be some more technical View info.

Blogging Away at VMware Partner Exchange 2011

Partner conferences are the latest way that large companies look to build relationships with resellers and users. Clearpath is a premier partner with VMware and I have the good fortune of making the trip to Partner Exchange 2011, one of VMware’s two annual conferences.

The term partnership is probably one of the more overused words in the IT industry, but there are a few companies that do a good job of making sure that the needs of the consumer, the reseller, and the vendor are all met. VMware has taken the concept of partner to heart. From the customer standpoint, a user can save on both operating and capital expenses and enhance their management by using VMware technologies. For resellers and solution providers, VMware provides resources to aid with both technical and sales solutions. The solution providers and customers build a relationship around the virtualization management that is unparalleled across the IT industry. All of this leads to VMware implementing a development process with customer and partner feedback; resulting in solutions that are easy to sell and helpful to use, a win-win in the IT world.

The Partner Exchange conference promises to provide the extra level of technical knowledge that all customers should expect from their reseller, along with a sneak peek into the future of virtualization and the enterprise. During the conference, I will being posting a series of short blogs that will cover the innovations and advancements released at Partner Exchange. As many of you know my focus is on the endpoint: desktop, mobile and anything else that involves end user interaction, and I will try to stay focused on that segment.

Stay tuned and feel free to post in the comments section of the blogs or on Twitter (http://www.twitter.com/mletschin) any questions you would like answered about VMware or any of the exhibitors. I will do my best answer to them or pass them around to the vast technical community meeting here. I may even throw in a surprise video blog along the way if some of the VMware content or an exhibiting vendor looks especially interesting.

Will Blackberry and VMware finally get rid of the beltclip?

The newest trend being released for mobile devices looks to solve the single most annoying, and fashion unfriendly look that business people and IT staff alike have had to face in the last 15 years. The growth of mobile devices in the workforce has led to many people carrying multiple devices, often a personal phone, a smartphone for work, or a Blackberry. This directly led to the dreaded multiple belt holster, or “batman belt.” In the past two months both Android, in conjunction with VMware, and Blackberry have announced products to eliminate the use of multiple devices.

Blackberry Balance and the VMware Mobile Virtualization Platform both allow a consumer to bring their own smartphone into their corporate environment without an IT department worrying about security, compliance, or management challenges. This separation allows users to have personal applications like social media, gps, and games without compromising corporate email security.

The Blackberry app looks to run as just that, an app. This allows for corporate email to come from a Blackberry Enterprise Server and separates the email and calendar events from the rest of the personal blackberry.

By contrast, the VMware/Android platform will run what appears to be a complete smartphone for each use case, business and personal. Advantages to this platform will be the ability to turn off a business component or remove it remotely. Additionally, corporations will be able to publish corporate images regardless of phone type, minimizing the administrative tasks for IT departments. In theory, the VMware option will allow a user to move from company to company without making any changes to their personal device.

Both of these options may end up being cost savers for corporate IT shops in device acquisition, service plans, and staff hours. The ability to offload the device maintenance and service cost to the employee could be the hook that RIM needs to stay in the corporate environment. These same features and flexibility could bring Android to the forefront of enterprise mobile devices. Now the two real questions will be what Apple will do to stay competitive in the corporate/personal front, and what is going to happen to all those belt clips?


Virtual Desktops : A Glossary of Terms

While preparing this series of blogs on virtual desktops, it occurs to me that virtual desktop, like all technologies, has its own set of acronyms and terminology that may not be commonplace for everyone, but are necessary to define and understand. With that in mind, this first blog is actually a condensed glossary of acronyms and terms relevant to virtual desktop solutions. My next blog will outline the steps necessary to roll out a virtual desktop infrastructure in your environment… not surprisingly, the terms below will be used frequently:

VDI: Acronym for Virtual Desktop Infrastructure; this is the entire environment required to run virtual desktops including servers, storage, endpoints (thin or thick clients), software, and images.

Hardware Thin Client: A hardware device that replaces a traditional desktop or laptop. Hardware thin clients have few or no moving parts and provide ports for peripheral device connections (keyboards, mouse, monitor, etc.)

Connection Broker: The connection broker maintains a list of available virtual desktops, and when a client makes a request it provides the client with the connection information (including authentication) for the appropriate virtual desktop.

Base Image: A base image is the minimum desktop and application requirements for a set group of users. This would be used as a starting point for all full desktop deployments. A base image will allow you to minimize the applications that need to be managed when deploying desktops. When you know that office, a PDF reader, and your main enterprise application will be used by every employee, why would you want to manage them separately?

Full Clone: A full clone is an exact replica of a virtual machine at a point in time. This clone will take the same storage and performance requirements of the original image. The full clones are normally used when you have group of desktops that will be assigned to a specific user group, and they allow you to install applications or any other desktop customization. Full clones are your most resource-intensive group of virtual desktops that can be deployed and should be used only when absolutely needed.

Replica Disk: The replica disk is a full clone of the base image that is used to take snapshots of the base image for the creation of linked clones. This is normally a read-only copy of the base image. If you created linked clones you will take a snapshot of the replica disk and users will work off of the snapshot. This consumes the full CPU and memory resources of the base image, but only for changes done by the user.

Linked Clone: A linked clone is a snapshot of a replica disk that is accessed by users. This snapshot only consumes the storage resources as it is used. A full sized clone would take the same amount of storage as the original. This will allow you to save upwards of 90% of the storage needed for a full desktop clone pool.

Virtualized applications: Virtualized applications are applications that have been packaged to run independently of the operating system. Virtualized applications can be presented to desktop pools or shared via file share. These virtualized applications would be used to augment a base image. The application that might be used by one department in addition to the standard apps could be virtualized to ease management.

Persistent vs. Non-Persistent: A persistent pool would mean that a user would always access the same virtual desktop; this is most commonly used when a user has access to make changes to their system, for instance, administrative rights or application installs. In a non-persistent or floating pool, the user could receive any desktop in the pool. Floating pools are most often used in office environments or call centers. When any user logs in they could get any machine in the pool and their profile would migrate with the user.

User Profile: The user profile can include all the settings that a user would change, to include the desktop background, files and icons on the desktop, and any settings assigned through application installation. User profiles are part of a user’s active directory profile and are used regardless of a physical or virtual desktop.

How to Add a SSL Cert to View 4.5

VMware has made great strides in building documentation for View 4.5 compared to the VDI and View 3 days; however there is one spot where their documentation is lacking.  Most administrators want to make sure that if they build a SSL encrypted website, they can purchase a trusted certificate and install it without any major issues.  I spent the better part of a day trying to find out how to combine the VMware documentation with my hands-on experience to get a GoDaddy Cert on two View Connection Servers.  In this case, I did not add security servers, however after a little more testing I found out the process is the same.  For more info if you need it refer to the VMware View 4.5 Installation Guide (www.vmware.com/pdf/view45_installation_guide.pdf). So without further ado, here are the steps to get a SSL certificate installed on a set of View 4.5 Servers.

1. Add Keytool to the system Path.
a. Right-click on My Computer
b. On the Advanced tab, click Environment Variables.
c. In the System variables group, select Path and click Edit.
d. Type the path to the JRE directory in the Variable Value text box. Use a semicolon (;)
to separate each entry from other entries in the text box.
Example: C:Program FilesVMwareVMware ViewServerjrebin
          *If you changed your install path – change it here also
2. Generate a keystore
a. Open a command prompt and go to the root of C:
b. Type:
“keytool -genkey -keyalg “RSA” –keysize 2048 -keystore keys.p12 -storetype pkcs12 -validity 360
Note the added keysize argument. This is needed for GoDaddy and most Trusted providers
c. When asked for a password, make sure you write it down, you will need it later
d. When keytool prompts you for your first and last name, type the fully qualified domain name (FQDN)
that client computers use to connect to the host. (i.e view.yourcompany.com)
This should be your load balanced FQDN not the individual servers. VERY
3. Configure the View Connection Server for the self signed cert
a. Copy c:keys.p12 to the SSLGateway configuration directory
For example: install_directoryVMwareVMware ViewServersslgatewayconf
Only copy the file since you will need it to create the csr it is easier on the root of c:
b. Create a file called locked.properties (Make sure you save it as a .properties file not .txt)
c. Edit the file with notepad and add the following lines
keypass=”The password you set when creating the keystore” (i.e. keypass=p@ssw0rd)
d. Restart the View Connection Server service. This will restart a few services include the web
services so be a little patient. You will now have a self-signed certificate.
The next part is to get a certificate from GoDaddy and install it.
4. Create a CSR
a. Open a command prompt and go to the root of C:
b. Type:
“keytool -certreq -keyalg “RSA” -file certificate.csr –keystore keys.p12 – storetype pkcs12 –storepass secret”
Replace the word secret with the password you set earlier.
c. A new file will be created c:certificate.csr
5. Get a Signed Certificate
a. Open c:certificate.csr with a text editor
b. Copy all of the text from the .csr into the GoDaddy website. It should look like the graphic below
c. Once you have copied this into GoDaddy and processed the Cert you will need to download the cert.
Choose to download the cert for Tomcat.
d. Unzip the file and open the certificate named for your domain

6. Create a file to add to the keystore

a. Click on the details tab and click Copy to file
b. The Certificate Export wizard appears
c. Specify PKCS#7 format, include all certificates in the certification path, and
then click next.
d. Specify a filename and click Next.
e. Click Finish to export the file in PKCS#7 format.
7. Import the file into the keystore
a. Open a command prompt and go to the root of C:
b. Type:
“keytool -import -keystore keys.p12 -storetype pkcs12 -storepass secret -keyalg “RSA” -trustcacerts -file certificate.p7”
Replace secret with your password. Your file may also be .p7b so if it is change the line above to reflect that.
c. Copy c:keys.p12 to the SSLGateway configuration directory
For example: install_directoryVMwareVMware ViewServersslgatewayconf
d. Restart the View Connection Server service
To add the certificate to the second View Connection Broker simply copy the keys.p12 and locked.properties file to the SSLgateway directory on the second server and restart the View Connection Server Service.
Once you have this all set you should be able to look at your standard web browser and see your great new certificate.  Good luck and hopefully this was helpful to others out there.

Make your own thin client in 30 minutes or less

When repurposing your desktops as a thin client – most users choose to keep a base windows image or replace it with a thin os to get you to your view desktop (ex. VDIBlaster). Both of these cost $, but a new free approach that is easy to do with the instructions below is to make your own thin client. The use of Meego, a very user friendly Linux distribution, combined with the VMware View open Client allows for a free(if you have old hardware) and fast do it yourself thin client. Just follow the instructions below.

1. Download Meego from http://meego.com/downloads

2. Install Meego to the hard drive of any system(it will work as a Virtual machine as well)

3. From the Home menu select Tools, then Terminal

4. Type “su” Password is “meego”

5. Type “sudo yum search firefox”

6. Type “sudo yum install firefox.i586” Substitute the proper package from the search. Select yes to download and install the package

7. From the Home Menu select Application Finder

8. Type Firefox into the search field and open the browser

9. In the browser go to http://lazyfai.dyndns.org/MeeGo/rdesktop

10. Save the rdesktop-1.6.0-7.meego.i586.rpm

11. In the browser go to http://code.google.com/p/vmware-view-open-client/downloads/list/

12. Save the VMware-view-open-client-4.5.0-271013.i386.rpm file 

13. Return to the terminal

14. Type “ls” to list the files in the location you saved them

15. Type “rpm –ivh rdesktop-1.6.0-7.meego.i586.rpm”

16. Type “rpm –ivh VMware-view-open-client-4.5.0-271013.i386.rpm”

17. Return to the Application Finder and type “vm” Open the VMware View Open Client

18. Enter the View Manager DNS Name

19. Enter a Username and Password

20. Select the View Pool to connect to

21. Wait for the machine to connect

22. Start using your virtual machine

VMware View 4.5 Features and Why you should care

VMware View has moved to a next generation of virtual desktops, announcing today the release of the 4.5 version of its flagship desktop platform.  With general availability in mid-September, View 4.5 will allow for full Windows 7 support and better integration between ThinApp and View.  The ability to have role based authentication is also key to this release along with support for vSphere 4.1.  Below is a breakdown of the major new features that have been released today and why you should care…

Enhanced User Experience

  • View Client with Local Mode – If you have a traveling workforce this allows you to check out a machine from the view infrastructure and work without network connectivity.  The checked out virtual machine is fully encrypted and still inherits its policies from the View infrastructure. Active Directory Group Policy is also used to secure these roaming virtual machines.
  • Full Windows 7 support – Rather self-explanatory but Windows 7 is fully supported by View 4.5. With XP going end of life soon, the migration to Windows 7 as a virtual machine using existing hardware is now fully possible and supported.
  • View Client for Mac OS X – Most Mac users would rather not be caught with a Microsoft product on their machines; however in the enterprise this is not always possible.  Now Mac users can access the corporate environment and use Windows resources natively.

Simplified and Integrated Management

  • Integrated Application Assignment – No more need to script application deployment, application installs through Active Directory or use custom location based scripting for some machines.  Now applications can be published to a specific pool through the View interface.
  • Rich Graphical Dashboards – Pictures always make things easier to understand!
  • Role Based Administration – Let the help desk staff manage the PCs while making sure the storage and server admins can monitor the space and resources on your VM cluster.
  • Integration with Microsoft SCOM and PowerShell – Integration with your existing monitoring and management and the ability to use powershell scripting with your systems.  The first step to fully automated deployments.

Best Desktop Infrastructure Platform

  • Support for vSphere 4.1 and vCenter 4.1 – You wanted to upgrade your server infrastructure, now your desktops are not holding you back.
  • Increased scalability – Build machines to your heart’s content.  Up to 10,000 desktops per pod with the reference architectures.
  • Optimized Anti-virus Protection – This takes the load off the desktops and allows for better consolidation numbers.  Use one of the new VMSafe antivirus packages to protect your endpoints.

Lowest Acquisition Cost and Total Cost of Ownership

  • Tiered storage support in View 4.5 – Now you can store your OS disk on the high performance disk, but the users MP3 collection can go on cheap SATA disk.
  • Lowest Cost Reference Architectures – These are a how-to guide for all the major software/hardware vendors.

If you have any questions about migration or deploying VMware View 4.5, fill out the contact us form at the top of the webpage or call (866) 892-3154 and we’ll be happy to assist.

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑